Unable to request new certificate on TMG Server

Solve this by creating a Firewall Policy for RPC traffic to the Certificate Server Authority.
 
Source: http://tmgblog.richardhicks.com/2014/04/21/forefront-tmg-2010-computer-certificate-request-or-renewal-fails/
2016-01-29 @ 16:31:00 Permalink Windows Server Kommentarer (0) Trackbacks ()

DPM-VMM Helper Service not starting!

After installing the VMM Console and Agent on our DPM server to enable back up of Hyper-V Live Migration Cluster, the DPM-VMM Helper Service (VmmHelperServiceHost.exe) does not start on Windows Server 2012.
 
This can be found in Event Viewer:
 
Log Name: Application
Source: DpmVmmHelperService
Event ID: 0
 
 Service cannot be started. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Security.SecurityException: Requested registry access is not allowed.
   at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
   at Microsoft.Internal.EnterpriseStorage.Dls.VmmHelper.RunSpacePool.GetNumberOfSteadyStateRunspaces()
   at Microsoft.Internal.EnterpriseStorage.Dls.VmmHelper.CVmmHelperService..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.ServiceModel.Description.ServiceDescription.CreateImplementation(Type serviceType)
   at System.ServiceModel.Description.ServiceDescription.SetupSingleton(ServiceDescription serviceDescription, Object implementation, Boolean isWellKnown)
   at System.S...
 
When trying to start the service in services.msc, it states:
 
The DPM-VMM Helper Service service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs.
 
I fired up Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) and filtered out the process VmmHelperServiceHost.exe highlighting the result ACCESS DENIED and found this:
 
VmmHelperServiceHost.exe 7392 RegOpenKey HKLM\Software\Microsoft\Microsoft Data Protection Manager\2.0\Configuration ACCESS DENIED Desired Access: Read
 
I opened up regedit and browsed to HKLM\Software\Microsoft\Microsoft Data Protection Manager\2.0\Configuration, added the permission Everyone Read to that key and voila! The service started.
 
Hope this helps someone out as I couldn't find anything regarding this issue on google.
 
Ciao :)
 
 
2013-12-16 @ 14:45:00 Permalink Data Protection Manager Kommentarer (0) Trackbacks ()

Time Configuration in a Windows domain

To configure the Domain Controller with the PDC Emulator FSMO to another time source, run:

w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update

Please set for PEERS the time source as listed above, either with it’s ip address or DNS name. If more then one is needed separate them with a space in between and don't forget the quotes: "time.domain.com time1.domain.com"

Internet Time servers you can find here: http://www.pool.ntp.org/

 

Tto configure a domain computer for automatic domain time synchronization, run:

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

 

To reconfigure the previous PDC Emulator, in case of transferring/seizing the FSMO to another Domain Controller, run:

w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time

 

If you have to reconfigure a Windows 2000 Server Domain Controller, the steps are different after transferring/seizing the PDC Emulator role to another Domain Controller:

- you have to modify the "Type" value to "Nt5Ds" without the quotes under this registry key:

HKLM\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Parameters\

 

If you have problems with the time service configuration, because too many changes where done in the registry or you like start fresh on a computer, then you can reset the time service to a default state the following way. Make sure to use an elevated command prompt, to have full administrative permissions. Then type in the following commands:

net stop w32time

w32tm /unregister

w32tm /register

net start w32time

 

To check Domain Controller synchronization, run:

w32tm /monitor

 

To check a domain computers configuration, run:

w32tm /query /status

2013-03-04 @ 14:25:00 Permalink Active Directory Kommentarer (0) Trackbacks ()

Sök i bloggen
Senaste inläggen
Kategorier
Arkiv
RSS 2.0